Information Warfare (IW) is one of the hottest topics in current discussions of battlefield and geopolitical conflict. It has been addressed in writings, conferences, doctrine and plans, and military reorganizations, and it has been proposed as a fundamental element of 21st-century conflict. In a way, the IW situation is reminiscent of the concept of logistics as a military discipline, circa 1940:

• Elements of the concept had been known and used for millennia.

• The value of integrating those elements into a coherent discipline was just beginning to be recognized.

• The discipline was to become a central element of modern warfare — it is now said that “amateur generals [that is, Saddam Hussein] talk strategy, professional generals talk logistics.”

This comparison has another point of similarity: the interest in IW far outstrips the users’ understanding of the concept. Early in World War II, a senior US Army general said, “I don’t know what this ‘logistics’ is, but I want some.” Today, many people worldwide are saying the same about IW.


Searching for a Definition

This lack of a consistent and specific definition of IW is apparent throughout the literature. Col. Owen Jensen, USAF, discussing the evolution and use of the IW concept, says, “Although the Tofflers [Alvin and Heidi] have expounded on the origins of this type of warfare, no guru has yet established its principles.” VAdm A. Cebrowski, director of C4 for the US Joint Staff, has said, “The services and various Pentagon agencies that must prepare for IW do not yet agree on what the concept encompasses.” Almost every writing on IW makes a similar comment. Certainly, many definitions have been put forth; at the top level they sound much alike. But the simple fact that almost every writer on IW feels compelled to define it tells us that a clear concept has not yet crystallized.

Military writers discuss IW in terms of “information dominance” over an enemy, which is described as maintaining and applying a superior understanding of the battlefield situation.

Strategic writers discuss IW as the next “paradigm” of modern warfare, and they quote military thinkers from Sun Tzu to Clausewitz and examples from Xenophon’s “March of the 10,000” to the Gulf war. The concept of information dominance is again raised, in a related but different sense, as a means to identify the enemy’s “centers of gravity” against which force can be most productively applied, while preventing an enemy from knowing one’s own critical points.

Finally, there have been many discussions of IW attack and defense as related to telecommunications and computer networks, often but not always at the national level. The focus of these discussions is the vulnerability of such networks to penetration, exploitation, and degradation; the magnification of these actions owing to a modern country’s dependence on such networks; and the potential application of these actions in warfare, crises, international competition, and criminal activities.

These different points of view incorporate common elements, but a rigorous definition of the concept of IW has not yet evolved. Before we can identify and assess capabilities for IW and related activities, we need a definition, or a model, that is sufficiently concrete and specific to serve as a working aid.


A Starting Point

One can begin to derive a definition by asking why one should even bother with the concept of IW — is there any difference between IW and previous concepts of information attack? One might conclude, after a cursory review of some of the literature on the topic, that the concept of IW is in fact a rehash of existing concepts and techniques and that it adds little or no value. That conclusion, although understandable, would be incomplete.

Traditional forms of information attack, such as radar countermeasures, C3 countermeasures, computer intrusion, and psychological operations, typically:

• Consist of techniques, or measures and countermeasures.

• Have limited and local goals, and limited scope and orchestration (that is, being restricted to a specific combat operation).

• Perform a supporting role in combat activities.

These forms of attack tend to be used at the tactical level, and they require knowledge of the target’s technical characteristics and operational procedures. In noncombat activities, these forms of attack typically are independent and isolated.

In contrast, IW truly is a form of comprehensive warfare, not merely a set of techniques. IW is differentiated from individual measures in that IW (like any other form of warfare) is governed by a strategy, which is focused on an objective. The strategy is a comprehensive plan for the use of IW-related weapons and tactics to attain the desired objective. The weapons and tactics may be any combination of military and nonmilitary techniques; the objective may be military, political, economic, or some combination thereof.

A unified IW campaign thus can be conducted alongside multiple concurrent or consecutive combat operations, can extend beyond the immediate battlefield, and can cross the boundaries between peacetime, crisis, and combat. The term “information” in IW suggests that the objective of such a campaign involves generation of effects on the adversary’s information that will prevent or prompt certain actions, thereby creating an advantage for the attacker. (The objective of defensive IW involves prevention or counteraction of those effects.)


Ultimate Target

Such an objective implies that the true target of an IW campaign is not the specific systems that are actually attacked, but rather the adversary’s decision process. Thus, IW attack planning has to be based not only on the characteristics of those systems, but also on the desired higher order effects. This consequence can be illustrated by a simple example, a jamming attack on a sensor. As an individual electronic warfare (EW) operation, the attack is based largely on the sensor’s technical and operational characteristics. As an element of an IW campaign, the planning and conduct of the attack has to be based on the way in which that sensor contributes to the adversary’s situation picture and the information that the sensor provides on the attacker’s forces and operations. An even higher level that has to be considered in the attack planning and implementation is the effect on the adversary’s decisions of blocking, degrading, falsifying, or inserting the sensor information. The same requirement holds for attacks on communications systems, networks, links, and processing centers.

The overall concept of IW can thus be considered as having three parts: a set of IW elements (techniques and capabilities), a comprehensive strategy that applies and orchestrates them, and a target and objective. Only the elements are common to both IW and the earlier concepts of information attack.

A useful definition or model of IW therefore has to:

• Describe the ultimate target and objective.

• Identify and list the applicable elements of IW.

• Show how the elements can be combined in the strategy to attack the target.

Inasmuch as the target and objectives are the basis for designing an IW strategy, I will start with a “target model.” Then I will describe the elements involved in IW. Finally, I will present a templating approach to organize the elements and their interrelations, so as to support analyses of IW strategy.

A Target Model

A generic model of the target of an IW operation is based on the abovementioned difference between IW and individual information attacks. Consider the previous example — a sensor is attacked in order to affect its contribution to the adversary’s knowledge, thereby affecting the adversary’s decision process.

Thus, a three-layered target model is defined as:

• The information systems layer — the physical elements that generate, transfer, or store information. Attacks against information systems create technical effects.

• The information-management layer — the processes for handling and dissemination of information. At this layer, attacks create functional effects.

• The decision-process layer — the intellectual processes for interpreting and using information. At this layer, attacks create operational effects.

Effects at one level generate consequent effects at the higher levels. For example, a communications jamming attack on an information system creates blockage or corruption of the signal at a receiver (technical effect), which in turn reduces the information available from this channel (functional effect). One type of consequent operational effect would be decision delay.

One has to recognize, however, that this propagation of effects is not the only way to attack the decision layer, because attacks can be performed against any level. Although an attack ultimately comes down to a physical operation involving a physical information system, that system may be only a vehicle, not the target, of the attack. Thus, the attack may have little or no direct technical effect. In fact, an attack may have no functional effect either — it may create directly an operational effect on the decisionmaker. An example is a propaganda campaign wherein the information system being used is the local newspaper, the target is the decisionmaker, and the technical and functional effects are nil. Thus, attacks may have different immediate targets and effects, and not all effects propagate up from the basic information-system layer.

Some examples of different attack processes, and how they can be mapped against the model, are illustrated in Table 1.

The point to remember is that the operational effects are the ultimate objective. Any attack has to create or contribute to the desired operational effect(s), either by itself or in combination with other attacks. Note that the propagation of effects may be complex and that not all IW attacks will create every type of effect. A given technical effect may generate widely different operational effects, depending on what is attacked and under what circumstances. Also, operational effects may depend on combinations of technical and functional effects. IW strategy has to account for these factors.

This model provides a framework for mapping and analyzing IW strategies and attacks. With the model, doctrine and capabilities for IW can be correlated. Intentions, doctrine, and plans usually start with the operational effects, whereas capabilities are usually described at the technical level. The layered model allows one to link the two and to find applicable capabilities that may be only indirectly related to IW. Directly related capabilities are usually apparent at the technical level. By looking at the functional level, additional capabilities that will have IW effects can be identified.


The Three Target Layers

Information systems layer. IW attacks, regardless of their ultimate objective, have to start with an information system, often but not always an electronic system. In many but not all cases, that system is the initial target of the attack, and technical effects are intended — receiver overload, data corruption, computer shutdown, data erasure, physical destruction, and so forth. This point is well recognized in the literature, and detailed discussions of IW capabilities often concentrate almost exclusively on the technical attack methods and targets. What is not always recognized is the need for those effects to propagate through the target and create the desired operational effects, and those only. It is quite possible to conduct a technical attack that degrades or negates other elements of an IW operation.

Table 1

Use of the Target Model To Analyze Attack Processes

The initial effect, corresponding to the target layer, is highlighted.

| Type of Attack | Target Layer | Technical Effect | Functional Effect | Operational Effect (examples) |
|---|---|---|---|---|
| Communications jamming | Information system | Signal blockage | Information loss | Delayed or wrong decision |
| Communications intrusion — short control message* | Information management | None — link continues to exist | Information misrouting, self-generated overload (diagnostic, correction, repeat messages) | Delay, confusion |
| Communications intrusion — short information message | Decision process | None — link continues to exist | Negligible — short message does not affect routing/handling/storage | Delay, confusion, wrong decision |
| Computer virus | Information system | System paralysis | Loss of data, loss of function at node | Delayed or wrong decision |
| Network worm | Information management | None — network links continue to exist and operate | Delay or overload amounting to loss of function | Delayed decisions; deliberate shutdown of unaffected nodes |
| PSYOPS/propaganda messages | Decision process | None | None | Decision influence |
| Military operation as PSYOPS maneuver | Decision process | None | None | Perception manipulation |

* Many modern communications systems/protocols use machine control messages to establish links and route traffic. The control network may be separate from the information-carrying network. Examples are Signaling System 7 and computer-controlled adaptive HF systems.

Information management layer. Information management means information transfer, dissemination, storage, fusion, and conversion. These functions are performed by information systems, and they represent a logical layer overlaid on the physical information-systems layer. Examples of functional effects are a change in information transfer capacity, performance delays, and misrouting of traffic.

Information management is becoming increasingly important and vulnerable, because modern information systems are barely keeping pace with evolving information-generation capabilities and information technologies. For example, data overload has come to be a serious problem in US military sensor and C3 nets. The US Navy encountered this problem in the Gulf war. Aegis systems and E-2/E-3 surveillance aircraft provided so much data that the flagship command center displays were overloading and locking up. As a result, it was necessary to reduce the original surveillance area (Red Sea-Iran-Turkey) to a region covering only southern Iraq, the Persian Gulf, and part of Iran. An enemy who takes note of this problem could develop measures to increase overload and exploit the lack of reserve capacity in US military information-management systems.

Civil systems are also becoming more vulnerable to this problem. The Internet “worm” of 1988 was an example of an overload attack. The worm was intrinsically harmless to the information systems — it did not destroy files or operating systems. Rather, it occupied the memory and resources of computers and virtually monopolized the network links among computers. The result was that many systems nationwide came to a grinding halt, and countless hours of effort were expended in diagnosis and recovery measures.

Another increasingly serious military problem is information incompatibility. This problem represents another network vulnerability. It is caused by evolving requirements for joint operations, coupled with a huge increase in the number of communications and data systems that have stringent compatibility requirements. Traditional VHF voice radios working on standard channels could be used by anybody; Link 11 can be used only if the recipient has compatible equipment. Many articles have discussed this problem, often in connection with Desert Storm and the joint operations in the Mediterranean and Adriatic. As just one example, an attempt to pass imagery between the US Air Force and the Navy revealed 12 incompatible systems. The Navy ultimately solved compatibility problems in Desert Storm by providing equipment to selected other units. Other compatibility problems were solved by developing conversion systems and deploying them on selected platforms.

An enemy could exploit this problem by identifying and targeting the critical nodes where data conversion is performed, or by taking advantage of the confusion via deception, confusion, or intrusion attacks. If information managers are accustomed to seeing unreadable data, they might not recognize the fact that some data have been garbled or corrupted, attributing the problems to the known inadequacies of their system. Thus, the IW planner has to understand an adversary’s information-management processes and problems.


Decision process layer. The ultimate target of IW is the way in which information is used — that is, the decision process. The desired effects of IW attacks may be indirect — not just blinding or confusing the enemy, but shaping his perceptions, decisions, opinions, or behavior. The IW planner’s understanding of the target has to extend to this layer, and knowledge of the adversary has to include his decision criteria, decision processes and time scales, and vulnerabilities. Many or most of the successful commanders and leaders throughout history had an intuitive understanding of their adversaries at this level; they often applied it in “IW-like” tactics, maneuvers, and psychological operations that confused, delayed, manipulated, or paralyzed the enemy.

The Elements of IW

The elements of IW extend beyond the techniques and capabilities for traditional forms of information attack. Taking a literal view of the term “warfare,” the elements needed to perform IW are:

• Primary: Attack and defense capabilities and techniques.

• Supporting: Intelligence collection for targeting information — locations (which, for IW, may be physical or logical), strengths and vulnerabilities, and defenses.

• Supporting: Intelligence collection for battle damage assessment (BDA). Note that this concept is separate from the idea of conventional BDA information as a target of IW.

• Supporting: Intelligence collection for attack indications and warning (I&W).

The attack/defense capabilities and techniques are the primary functions of IW. As mentioned above, these capabilities currently exist under different guises — EW, computer intrusion and viruses, psychological operations, concealment and deception, firewalls and antivirus programs, encryption and spread-spectrum COMSEC techniques, and so forth.

Like traditional warfare, IW requires support from external sources. One is target intelligence collection, incorporating both prewar preparation (“strategic reconnaissance”) and operational targeting during IW activity (“tactical reconnaissance”). At the simplest level, this concept is obvious. An attacker needs to know the RFs of target communications links; the locations of sensors, communications nodes, and decision nodes; addresses, access protocols, and passwords for computer systems and networks; and so forth. The IW target model shows, however, that an attacker also has to know or discover how a candidate target system contributes to the adversary’s situation picture and what information it provides on the attacker’s forces and operations. Similar requirements exist at the decision-process level, relating to the decision criteria used by the adversary and to the effect on those decisions of blocking, degrading, falsifying, or inserting certain information.

IW therefore has to be supported by sensors for electronic intercept and monitoring, tools and access points for computer network probing and analysis, and reconnaissance to detect and locate C3 nodes. Again, these are pre-existing types of capabilities that may be applied in an IW strategy.

IW is like any other form of warfare in another respect — it has to be supported by a damage assessment function to be effective. The ability to measure IW effectiveness, however, is complicated. For example, even the effect of a direct attack on a communications node can be difficult to assess unless the attacker can tap a node or link elsewhere, or can exploit other elements of the communications net to assess the success of the attack (such as by monitoring requests for retransmission or traffic volume on return links). In this example, the attacker would be observing functional effects to diagnose technical effects. Higher level effects are even harder to assess, and some may be impossible to diagnose until the conflict is over and the adversary’s records or memoirs can be examined.

Nevertheless, an IW strategy has to provide for intelligence collection and damage assessment, using typically the same elements that provide targeting data.

An IW capability also has to be supported by defensive intelligence elements, equivalent to I&W capabilities in traditional warfare. To use most defensive IW measures successfully, one has to detect, localize, and diagnose attacks on one’s own information systems. The elements involved typically are detection/diagnostic tools embedded in or applied to one’s potential target systems. Often, a detector may be merely a trained operator or analyst who can tell when jamming is occurring or when the pattern of incoming data is inconsistent or otherwise suspect. Technical measures include network analyzers, activity monitors, and signal analyzers. (One might also envision artificial-intelligence pattern recognition systems for data analysis and similar concepts.)
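
The detect-and-diagnose function described above can be sketched as a small activity monitor (an added example, not part of the original article). It classifies per-minute link telemetry against the target model: a link outage is a technical effect, while a surge of diagnostic, correction, and repeat messages on a link that stays up is the functional effect Table 1 lists for a control-message intrusion. The record fields, thresholds, and sample values are assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from itertools import groupby
from statistics import mean, pstdev


@dataclass(frozen=True)
class Sample:
    """One minute of telemetry for a single link (hypothetical schema)."""
    minute: int
    link_up: bool      # physical state of the link
    data_msgs: int     # information-carrying messages delivered
    repeat_msgs: int   # diagnostic, correction and repeat messages


def overhead(s):
    """Share of traffic spent on diagnostic/correction/repeat messages."""
    total = s.data_msgs + s.repeat_msgs
    return s.repeat_msgs / total if total else 0.0


def learn_baseline(samples):
    """Mean and standard deviation of overhead on known-good traffic."""
    ratios = [overhead(s) for s in samples if s.link_up]
    return mean(ratios), pstdev(ratios)


def classify(s, base, k=3.0, floor=0.05):
    """Return (target layer, effect) for one sample, or None if normal."""
    mu, sigma = base
    if not s.link_up:
        return ("information systems", "technical: signal blockage")
    # The floor keeps a very quiet baseline from flagging tiny variations.
    if overhead(s) > mu + max(k * sigma, floor):
        return ("information management",
                "functional: self-generated overload")
    return None


def diagnose(samples, base, min_run=2):
    """Collapse consecutive identical findings into alerts.

    A finding must persist for min_run samples, so a single noisy
    minute does not raise an alert.
    """
    alerts = []
    for label, run in groupby(samples, key=lambda s: classify(s, base)):
        run = list(run)
        if label is not None and len(run) >= min_run:
            alerts.append((run[0].minute, run[-1].minute, *label))
    return alerts


# Constructed sample data: (data_msgs, repeat_msgs) for known-good minutes.
BASELINE = [Sample(m, True, d, r) for m, (d, r) in enumerate(
    [(100, 3), (98, 2), (102, 4), (101, 3), (99, 2), (100, 4)])]

# Constructed observation window.
OBSERVED = [
    Sample(10, True, 100, 3),
    Sample(11, True, 99, 2),
    Sample(12, True, 60, 45),   # repeat traffic surges, link still up
    Sample(13, True, 55, 50),
    Sample(14, True, 58, 47),
    Sample(15, True, 100, 3),
    Sample(16, True, 97, 40),   # isolated spike, below min_run
    Sample(17, True, 101, 3),
    Sample(18, False, 0, 0),    # link lost
    Sample(19, False, 0, 0),
    Sample(20, True, 100, 3),   # carries one inserted false report
]

if __name__ == "__main__":
    base = learn_baseline(BASELINE)
    for start, end, layer, effect in diagnose(OBSERVED, base):
        print(f"minutes {start}-{end}: {layer} layer, {effect}")
```

The last sample stands for a false information message inserted on a healthy link (the decision-process rows of Table 1): it produces neither a technical nor a functional effect, so a monitor of this kind stays silent and detection falls to the trained analyst the article mentions.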

Two other key elements, which are related, cross over all these categories. These elements are expertise and understanding. Technical expertise and operational skills in the use of IW systems are necessary but not sufficient. An understanding of the target, whether a technical system, a network structure, an operational procedure, or a decisionmaker, and an understanding of how the target layers interact for the specific adversary and scenario of interest are necessary for the development of an effective IW strategy.

Orchestration

The orchestration of multiple IW elements is, again, one of the defining characteristics of IW. A combination of attacks is assembled and applied toward a specific objective. Military operations may involve IW campaigns designed to limit and control the enemy’s knowledge of the situation and, ultimately, his ability to operate effectively. Nonmilitary IW also often involves orchestrated campaigns of multiple attacks — a political IW effort can involve PSYOPS, data denial, data insertion, cover and deception, and attacks on communications and computer systems. (A multipronged approach does not always apply, especially in technical attacks on computers and networks. In fact, these cases can be almost exactly opposite — a single attack generates multiple effects on multiple targets.)

To identify how the various IW elements can be combined and orchestrated, one can fall back on the target model. After dividing the target into layers, each layer can be broken down into its components. The next step is to list the attack actions that are possible against each component. Knowing the actions and the target characteristics, the capabilities needed to perform each attack against each component can be identified.

By combining the target model and the list of elements that resulted from consideration of IW as warfare, one arrives at a detailed list of required or relevant capabilities that can be used to guide data searches and analyses. This process justifies each item on the list as being relevant to IW. Furthermore, the process automatically develops the position and role of each capability in the IW concept. Finally, the organization shows how the capabilities, attack techniques, and target elements interrelate, and it allows us to develop integrated and accurate descriptions of IW capabilities.

Table 2

Template of Target Elements and Attack/Supporting Actions

Target Elements: Logical

• Intelligence (Physical, Operation): Location; Parameters; Function; Architecture; Network; Users; Data flow; Msg timing

• Information, Data: Video; Text; Voice; Image; Digital

• Information, Control: Link setup messages; Common channel signaling

Target Elements: Physical

• Nodes: Data sources; Relays; Fusion points; Processing points; Data storage; Data conversion; Interpretation/decision

• Links: Comms; Data; Computer

Attack/Support Actions

• Offensive: Block information; Corrupt information; Saturate node; Delay information; Insert information; Relay information; And so forth

• Support: Obtain intelligence; Relay intelligence; Control attack; Use intelligence; Use information; And so forth

Table 2 shows a top-level view of this breakdown or template. In the table, connections between logical and physical target elements are not shown, and relations between attack/supporting actions and target elements are shown in words rather than as connections (for example, “relay information” and “relay intelligence” actually refer to one type of action applied to two target elements). A complete template can be developed that divides this structure into a set of tables and diagrams that show the relations explicitly.

The table does not show the lowest levels of detail. Other items can be added at the lowest (bulleted) level shown, and that is not the final level. It actually is another row in the hierarchy that can be subdivided into different types. The nodes and links clearly can be broken out further, and attack actions in particular are to be subdivided. For example, the “block information” action actually includes actions such as destroy source, destroy node, saturate node, and jam link, which can be further broken down to specific types of nodes and links and to specific types of information. The table also does not show defensive actions and their relations to the attack actions. A fully detailed template has a separate entry for each type of action and each type of target element.

In the table, the term “intelligence” refers to information describing elements of the target system. This information may be developed by the IW support activity, as by SIGINT measurements or network probes, or it may actually reside within the target system, alongside the user information. The latter case is exemplified by an Internet host that maintains a database of other hosts and users. It is this information that an IW attacker needs to develop or retrieve in order to focus the attack or assess the damage.

Note that there are two forms of such intelligence, physical and operational. Physical intelligence provides target parameters and structural or architectural information on target networks. Operational information identifies users, data flow patterns, system status, and so forth. Both targeting and damage assessment need both types of intelligence.

The “information” category refers to the contents of the adversary’s information systems, and it is divided into data (the actual information that the adversary eventually interprets) and control information that supports network operations. Sophisticated attacks on control information can be a serious threat to modern computer and communications nets. The “data” category is broken down by type, because the type of data usually defines the technical capabilities required for an attack. A complete template, however, also organizes data by the type of knowledge it represents (sensor data, situation data, own-force data) because this is what determines the functional and operational effects of attacking the data.

The attack actions include offensive measures and supporting measures, as shown in the table. The attack measures are not limited to blockage or degradation of information. One may insert false information into the adversary’s information systems. One may also use (or misuse) information obtained from the adversary, as indicated by the entry “relay information.” Passing on or publishing information that an adversary wants to conceal is a classic IW measure. The supporting measures may involve the target or may be self-contained within the IW system, such as return of collected information or command and control for the IW operation. The function “use information” refers to exploitation of collected information, and it is as important a function as denying information to the adversary. (There has always been the often painful tradeoff between jamming and listening.)

It should be noted that this template is an overall guide, not a rigid description. Not all IW systems or IW attacks will incorporate all elements of the template. What the template provides is a framework to guide the search and interpretation of relevant capabilities, and the evaluation of the completeness and sophistication of a country’s IW capability or concept. For capabilities analyses, the template shows what capabilities to look for, what indirect capabilities might exist, and what supporting capabilities must be identified before a primary capability can be assessed as effective. For doctrine analysis, the template’s presentation of relations and supporting elements is compared against the country’s understanding of IW to evaluate the completeness and sophistication of their doctrine.